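% Herley and Florencio, honeypot accounts as a defence against password
% brute-forcing of online banking (report number MSR-TR-2007-132).
%
% Cleanup of an auto-exported record:
%   - month uses the predefined macro `sep` instead of a braced month name.
%   - The conference name was stored in `edition`, which is for book editions;
%     it now lives in `note`.
%   - The exported `note` read "Proceedings of the 1999 Haskell Workshop",
%     which does not match this 2008 banking-security paper; it is dropped
%     as export residue.
%   - `institution` is required for @techreport and was missing; the value is
%     inferred from the MSR-TR report-number prefix -- TODO confirm.
%
% NOTE(review): the url host is neither a Microsoft Research nor a Springer
% domain, and the link is plain http. Confirm the canonical publication page
% (or a DOI) before following or redistributing this link.
@techreport{herley2008protecting,
  author      = {Herley, Cormac and Florencio, Dinei},
  title       = {Protecting Financial Institutions from Brute-Force Attacks},
  institution = {Microsoft Research},
  number      = {MSR-TR-2007-132},
  year        = {2008},
  month       = sep,
  publisher   = {Springer-Verlag},
  note        = {Proc. 23rd International Information Security Conference (SEC 2008)},
  url         = {http://approjects.co.za/?big=en-us/research/publication/protecting-financial-institutions-from-brute-force-attacks-2/},
  abstract    = {We examine the problem of protecting online banking accounts from password brute-forcing attacks. Our method is to create a large number of honeypot userID-password pairs. Presentation of any of these honeypot credentials causes the attacker to be logged into a honeypot account with fictitious attributes. For the attacker to tell the difference between a honeypot and a real account he must attempt to transfer money out. We show that it is simple to ensure that a brute-force attacker will encounter hundreds or even thousands of honeypot accounts for every real break-in. His activity in the honeypots provides the data by which the bank learns the attacker's attempts to tell real from honeypot accounts, and his cash-out strategy.},
}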